In the example scenario below, the "XP" box can also be Vista/Win7/8/8.1 (maybe even 10), 32 or 64 bit.
How to keep XP minimally on the network, but not on the internet, using the network only to update the time and push files via scp/sftp.
Both the old XP box and the server are kept safe by closing all ports on XP and allowing that XP computer to connect only to port 37 on an (RFC 868, aka "rdate") time-server. The device providing TIME service on port 37 should get its own time from the internet/intranet (by ntp, etc).
(The time-server does not have to run a server OS: it can be almost any Linux device, or even a Windows PC.)
With all ports closed on XP, the time-server cannot infect XP. If XP is infected, such as by a USB key, it cannot spread over the network to the time-server (unless the time-server has a vulnerability known to the virus). Turn off SMB1 on the time-server (if Windows)!
On XP/7/8/8.1, rdatesvc.exe (= prdatesvc = PermaSoft Rdate service) safely keeps the system time and date correct by periodically reading it from port 37 on a specified time SerVeR, such as time.nist.gov, one of the few public time servers in 2020 still answering on port 37; see https://tf.nist.gov/tf-cgi/servers.cgi
In our case, since we are not on the internet, we can get the date/time from a local intranet PC.
Old XP pc only able to see RFC868 time SerVeR (rdate at port 37)

             169.254.x.y (SerVeR)   Only port 37 needs be open on the 169.254.x.y fixed IP
 ------      +---------+--+
|      |     |         |F |
|  XP  |     |         |i |
| all  +-----+ 37      |r +------> WLAN providing correct time and date
| ports|     | is      |e |        (usual networking, maybe even internet ;-)
|closed|     | only    |W |
|      |     | port    |A |
 ------      | open    |L |
             |         |L |
             +---------+--+
 private un-routed
 (ethernet cable)
 from XP to Server

You can always test if something is listening at port 37
If on a client without rdate, you can still test what date/time you get from port 37 without running rdate. Below is a method using bash, nc, and xxd from section 4 of "Tiny NTP client" at https://seriot.ch/ntp.php (note I use time.nist.gov instead of ntp.metas.ch).
On macos: brew install rdate
and/or brew install netcat
then rdate -p time.nist.gov
or, without rdate you can still display date:
$ date -r$((0x`echo|nc -w1 time.nist.gov 37|xxd -p`-64#23GDW0))
$ # or
$ date -r$((0x`echo|nc -w1 132.163.96.4 37|xxd -p`-64#23GDW0))
Wed Aug 5 16:52:48 EDT 2020
On linux or windows (see steps below showing how, on windows, to get git-bash and netcat with choco)
$ echo $((0x`echo|nc -w1 time.nist.gov 37|xxd -p`-64#23GDW0))
bash: nc: command not found
-2208988800
$ ### (at this point install netcat so the "nc" command is available)
$ echo $((0x`echo|nc -w1 time.nist.gov 37|xxd -p`-64#23GDW0))
1584038030
$ ### (ok, that is the correct number of seconds since the epoch. For human-readable output use either date -d@ (gnu-date) or date -r (bsd-date))
$ date -d@$((0x`echo|nc -w1 time.nist.gov 37|xxd -p`-64#23GDW0))
Thu, Mar 12, 2020 2:36:00 PM
$ uname -a
MINGW64_NT-10.0-17763
NOTE: The above was done on Windows using git-provided bash and xxd, and choco-provided nc (netcat). That is, as follows:
- install free choco from https://chocolatey.org as it says in GettingStarted, namely Start: powershell (admin) and paste in this one big line:
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
- Then just
choco upgrade git
and
choco upgrade netcat
To get a bash shell (with $ prompt), right-click on any folder: Git Bash Here
Or run from the command line: "C:\Program Files\Git\git-bash.exe"
For testing rf868time.exe (Unixwiz.net RFC868rdate time service) on Windows: the right time/date is returned by rf868time.exe when queried from mac/linux using rdate <ip-of-windows> with the firewall off. For example, with the Windows PC at 169.254.169.254:
-bash-4.1$ uname -a
Linux ...
-bash-4.1$ rdate 169.254.169.254
rdate: [169.254.169.254] Thu Mar 12 15:17:09 2020
While rdate gets correct date/time from windows pc, note that using bash/nc/xxd line I get error and wrong date... I'll fix this posting when I figure out what is going on... maybe a byte-order (little-endian) thing? or maybe permissions on priv port???
$ date -d@$((0x`echo|nc -w1 localhost 37 | xxd -p`-64#23GDW0))
nc: Write error: Connection refused
Sun, Dec 31, 1899 7:00:00 PM
$ echo $((0x`echo|nc -w1 localhost 37 | xxd -p`-64#23GDW0))
nc: Write error: Connection refused
-2208988800
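Added example (not part of the original gist): the one-liners above subtract the 1900-to-1970 offset from whatever nc returns, so when nc returns nothing (as in the "command not found" and "Connection refused" runs above) the arithmetic yields 0 - 2208988800 and prints -2208988800 or an 1899 date. The sketch below validates the reply before converting it. The function names are hypothetical, and the sample hex e214ff0e is constructed from the epoch value 1584038030 shown earlier.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the gist.
RFC868_OFFSET=2208988800  # seconds from 1900 to 1970, same value as 64#23GDW0

# Convert the hex dump of an RFC 868 reply to Unix epoch seconds.
# Prints the epoch on success; otherwise explains on stderr and fails.
rfc868_hex_to_epoch() {
    rfc_hex=$1
    if [ -z "$rfc_hex" ]; then
        echo "rfc868: empty reply (nc missing, port closed, or timeout)" >&2
        return 1
    fi
    case $rfc_hex in
        *[!0-9a-fA-F]*)
            echo "rfc868: reply is not a single hex string" >&2
            return 2 ;;
    esac
    if [ "${#rfc_hex}" -ne 8 ]; then
        echo "rfc868: expected 4 bytes, got ${#rfc_hex} hex digits" >&2
        return 3
    fi
    rfc_epoch=$(( 0x$rfc_hex - RFC868_OFFSET ))
    if [ "$rfc_epoch" -le 0 ]; then
        echo "rfc868: time before 1970, refusing to use it" >&2
        return 4
    fi
    echo "$rfc_epoch"
}

# Query HOST on TCP port 37 the same way as the one-liners above.
rfc868_query() {
    rfc868_hex_to_epoch "$(echo | nc -w1 "$1" 37 2>/dev/null | xxd -p)"
}

# Constructed sample inputs, no network needed:
rfc868_hex_to_epoch e214ff0e
rfc868_hex_to_epoch "" || echo "rejected with status $?"
```

With a reachable server, date -d@"$(rfc868_query time.nist.gov)" (gnu-date) prints a date only when the reply passed every check.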
On XP test box, the time has stayed correct even when local time went back 1 hour in autumn with seasonal switch from EDT to EST.
The XP is getting time from a windows-7 computer, and the win7 pc gets correct time from internet.